As I have already mentioned in many articles, Mobile Apps and Mobile Business Processes are becoming a routine part of daily work life, yet companies still wrestle with mobile security. They are totally correct to worry about how easily mobile devices are lost and stolen. They are also concerned that employees are quick to find new ways to use mobility for work while giving little thought to the security implications of what they do every day. I think this is due to the years of working behind the office-centric firewall which has made it possible for workers to do what they do every day without even thinking about security, as the corporate IT infrastructure protects them.
Mobility introduces entirely new kinds of risks and new ways sensitive information can be lost. This has left companies more vulnerable, or it has limited the way companies leverage mobility out of fear of becoming more vulnerable to data loss. A good enterprise grade security platform enables companies to develop and enforce policies in a systematic way. However, as you develop a security strategy, it’s important to recognize there are two fundamental pieces of a mobile security solution: remote security and local security.
- Remote security enables you to remotely secure mobile devices from a central security console using a common set of controls for all devices. I am talking Mobile Device Management (MDM) with Security functions such as remote usage tracking, remote configuration, remote lock and wipe, and remote software provisioning and updating are all essential to managing mobile security. See Afaria
- Local security consists of device level functions as part of App Development and on-device software that ensure security, often with the active participation of users. For instance user authentication, data encryption, and the segregation of business and personal functions on the device are local security controls. Some local security functions, such as data encryption and device configuration, can be done remotely using remote security controls. See Sybase Unwired Platform
Local security is important because it makes users more aware of their role in engaging in safe mobility. When they need to enter a user ID and password to run an app or access company data, it not only protects the data, it reminds the user that it’s their job to protect the data. There are other ways to use local device features to enhance mobile security. For instance many business applications use alerts to give users a choice of searching for a wireless connection before launching a data intensive operation. This also has a by-product and an important feature for controlling mobility data costs. However alerts can also be used to ensure security – if a user opts to work over a wireless connection, the device can use alerts to block an operation until the user verifies that the wireless network is secure. These local security measures, which are device specific and context sensitive, can be built as part of a mobile application.
When building a Mobile Application you should also be thinking about and planning for mobile security, you cannot develop a complete strategy without realizing that mobile security involves both remote and local security.
Please follow me on Twitter @ithain